BlackSuit Ransomware Cripples Revolution Resources in Major Cyberattack

Incident Date: June 24, 2024

Overview

Victim: Revolution Resources

Attacker: BlackSuit

Location: Oklahoma City, Oklahoma, USA

First Reported: June 24, 2024

BlackSuit Ransomware Group Targets Revolution Resources in Devastating Attack

Overview of Revolution Resources

Revolution Resources is a prominent company in the Energy, Utilities & Waste sector, specializing in comprehensive solutions for the recycling and waste management industry. The company focuses on innovative and sustainable methods to handle various types of waste, including electronic waste (e-waste), industrial waste, and other recyclable materials. Their services aim to help businesses manage waste more efficiently, reduce environmental footprints, and comply with regulatory requirements.

One of the core services provided by Revolution Resources is e-waste recycling, which involves the collection, processing, and recycling of electronic devices such as computers and smartphones. The company ensures environmentally responsible disposal and recovery of valuable materials like precious metals. Additionally, they offer industrial waste management services, providing customized solutions for different industries to manage waste safely and efficiently.

Revolution Resources is committed to promoting a circular economy, where materials are reused and recycled to create new products. They work closely with clients to identify opportunities for waste reduction and resource recovery, investing in research and development to stay at the forefront of recycling technology.

Details of the Ransomware Attack

Revolution Resources recently fell victim to a ransomware attack orchestrated by the BlackSuit group. The cybercriminals successfully infiltrated the company's systems, encrypting critical data and demanding a ransom for its release. This attack has significantly disrupted operations, posing substantial challenges as the company works to restore its systems and secure its network against future threats.

The attack has highlighted vulnerabilities within Revolution Resources' cybersecurity infrastructure, making them a target for sophisticated threat actors like BlackSuit. The company's reliance on digital systems for managing waste and recycling processes may have contributed to the severity of the attack.

Profile of the BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. Experts have discovered significant similarities between the code and functionality of BlackSuit and Royal ransomware, suggesting that BlackSuit may be a new variant developed by the same authors, a copycat using similar code, or an affiliate of the Royal ransomware gang.

Potential Penetration Methods

While the exact method of penetration in the Revolution Resources attack is not publicly disclosed, BlackSuit ransomware typically exploits vulnerabilities in both Windows and Linux systems, including VMware ESXi infrastructure. Common attack vectors include phishing emails, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials.

Given the high degree of similarity between BlackSuit and Royal ransomware, it is likely that the attackers used sophisticated techniques to bypass security measures and gain access to Revolution Resources' critical systems. The company's reliance on digital infrastructure for waste management and recycling processes may have made it an attractive target for the ransomware group.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.